Yet another Aadhaar data leak has come to light, this time involving Indane, the gas agency owned by the Indian Oil Corporation.

This is a repeat of the many Aadhaar leaks we have seen in the past, where Aadhaar data stored on a website has been left exposed because of bad security practices.

According to a report in TechCrunch, local gas company Indane had left part of its website exposed to dealers and distributors, who could access the Aadhaar data using a valid user name and password. But because adequate security measures were not in place, part of the website was indexed in Google searches, giving anyone unfettered access to the database, even without any login details. Indane has around 90 million total customers across India.

The exposed data was brought to notice by a security expert who wants to remain anonymous. French security researcher Robert Baptiste, who goes by the Twitter handle Elliot Alderson, used a custom-built Python script to scrape this database and was able to obtain customer data for 11,000 dealers. This data included the names and addresses of customers as well as their Aadhaar numbers. According to Baptiste, he was able to get details of 5.7 million Indane customers before his script was blocked.

Baptiste even studied the Android app of Indane, which had a ‘Locate your Distributor’ section in its code. Using his custom Python script, Baptiste was able to get 11,062 valid dealer IDs. “After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak,” said Baptiste in his blog post.

Baptiste also said that he had disclosed the leak to Indane but did not get any response from them.

However, the Indian Oil Corporation Ltd dismissed the report, saying there was no such data leak through the Indane website. It also said that Indian Oil's software captures only the Aadhaar number, and no other details, for LPG subsidy transfer.

It further clarified that no Aadhaar number was hosted on the official website of Indane.
